VYPR

Go modules package

charm.land/wish/v2

pkg:golang/charm.land/wish/v2

Vulnerabilities (1)

  • CVE-2026-41589CriMay 7, 2026
    affected < 2.0.1fixed 2.0.1

    Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary file